<!doctype html>
<!-- Based on Nicholas C. Zakas post: -->
<!-- credit: http://www.nczonline.net/blog/2010/09/07/learning-from-xauth-cross-domain-localstorage/ -->
<html>
<body>
<script type="text/javascript">
(function(){

    //allowed domains (that can use RegExp)
    var whitelist = ["localhost", "127.0.0.1", "^.*\.domain\.com"];
    

    function verifyOrigin(origin){
        var domain = origin.replace(/^https?:\/\/|:\d{1,4}$/g, "").toLowerCase(),
            i = 0,
            len = whitelist.length;

        while(i < len) {
            if (domain.match(new RegExp(whitelist[i]))) {
                return true;
            }
            i++;
        }

        return false;
    }

    function handleRequest(event){
        if (verifyOrigin(event.origin)) {
            var request = JSON.parse(event.data);
            var storage = request.storage;
            
            if (request.type == 'get') {
                value = window[storage].getItem(request.key);
                event.source.postMessage(JSON.stringify({
                    id: request.id,
                    key:request.key,
                    value: value
                }), event.origin);
            } else if (request.type == 'set') {
                window[storage].setItem(request.key, request.value);
            } else if(request.type == 'remove') {
                window[storage].removeItem(request.key);
            }
        }
    }

    if(window.addEventListener) {
        window.addEventListener("message", handleRequest, false);
    } else if (window.attachEvent) {
        window.attachEvent("onmessage", handleRequest);
    }
})();
</script>
</body>
</html>
